Network forensics - Hackfest
TRANSCRIPT
Network Forensics
LAW
Before analysing or performing network captures, make sure you have the right (authorization) to do so.
Presentation outline
WHO
???? Network Forensics ????
“Network forensics is the idea of being able to resolve network problems through captured network traffic” - The Internet
Sniffer: tap, SPAN port, wireless, host-based
Format: pcap? netflow?
WARNING!!!!
FLOW != PCAP
Tools
- Wireshark
- Tcpdump
- scapy
- Netwitness Investigator
- NetworkMiner
- Xplico
- Microsoft Message Analyzer
Wireshark
TCPDump
Scapy
NetWitness Investigator
NetworkMiner
Xplico
Microsoft Message Analyzer
Microsoft Message Analyzer
Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl
netsh trace stop
Use case
DNS
● Suspicious queries in NetFlow (1 GB of DNS???)
● Queries to external DNS servers
Use case
WIFI
Decrypt WPA/WPA2
● wpa-pwd SSID:PASS
● wpa-psk RAW hash
Decrypt SSL
Use case
Write an IDS rule
● snort
alert tcp any any -> any 80 (msg:"Possible SQLi/exploit string in HTTP cookie"; content:"or 1=1"; content:"exploit"; http_cookie; sid:1000001; rev:1;)
Use case
Reconstruct a phone conversation
Use case
Find data leaks
● Ping
● DNS
● HTTP(S)
● TCP/UDP
● Other obscure forms
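The DNS use case above (suspicious DNS volume in NetFlow, queries to external resolvers) and the DNS leak channel in this last slide can be checked with a small triage script. This is an added example, not code from the Hackfest talk; the flow records, query names, resolver list and thresholds are all constructed for the demo. Because flow records carry no payload, the script uses only volume and destination from flows, and takes query names (where label length and entropy hint at tunnelling) from a separate source such as a pcap or the DNS server log.

```python
"""Flag DNS exfiltration indicators in NetFlow-style records (added example)."""
import math
from collections import defaultdict

# Constructed: the organisation's own resolvers; any other destination is "external DNS".
INTERNAL_RESOLVERS = {"10.0.0.53"}
MAX_DNS_BYTES_PER_HOST = 500_000  # constructed threshold: DNS bytes per client before alerting
MAX_LABEL_LEN = 40                # a single DNS label longer than this is unusual
MIN_LABEL_ENTROPY = 3.5           # bits/char; encoded payloads score high, real words score low

# Constructed NetFlow-like records: (src, dst, dport, proto, bytes). Flows carry no payload,
# so volume and destination are the only DNS signals available from them (FLOW != PCAP).
FLOWS = [
    ("10.0.1.5", "10.0.0.53", 53, "udp", 1_200),
    ("10.0.1.7", "10.0.0.53", 53, "udp", 900),
    ("10.0.1.9", "203.0.113.10", 53, "udp", 700_000),  # huge DNS volume to an external resolver
    ("10.0.1.9", "10.0.0.53", 53, "udp", 300),
    ("10.0.1.5", "198.51.100.20", 443, "tcp", 50_000),  # not DNS, ignored
]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def suspicious_qname(qname: str) -> bool:
    """True when a label is very long or looks like encoded data (DNS tunnelling indicator)."""
    # Query names come from a pcap or the DNS server log, not from flow records.
    labels = [lab for lab in qname.rstrip(".").split(".") if lab]
    return any(len(lab) > MAX_LABEL_LEN or shannon_entropy(lab) > MIN_LABEL_ENTROPY
               for lab in labels)

def analyse_flows(flows):
    """Return (client/resolver pairs using external DNS, clients over the DNS byte budget)."""
    dns_bytes = defaultdict(int)
    external = set()
    for src, dst, dport, _proto, nbytes in flows:
        if dport != 53:
            continue  # only DNS flows matter here
        dns_bytes[src] += nbytes
        if dst not in INTERNAL_RESOLVERS:
            external.add((src, dst))
    heavy = {host for host, total in dns_bytes.items() if total > MAX_DNS_BYTES_PER_HOST}
    return external, heavy

if __name__ == "__main__":
    print(analyse_flows(FLOWS), suspicious_qname("0123456789abcdef.evil.example"))
```

Both hits point at the same client here, which is the pattern to look for: a host sending far more DNS bytes than its peers, to a resolver the organisation does not run.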